UBUNTU-CVE-2015-8777

The processenvvars function in elf/rtld.c in the GNU C Library aka glibc or libc6 before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LDPOINTERGUARD environment variable...

SSO Authentication Bypass and Website Takeover in DOKEOS

High-Tech Bridge Security Research Lab discovered a high-risk vulnerability in a popular e-learning software DOKEOS. A remote unauthenticated attacker can bypass authentication process and login to the vulnerable website with an arbitrary account including administrator's one. Successful...

VMware ESX Multiple Bash Vulnerabilities (VMSA-2014-0010) (Shellshock)

The remote VMware ESX host is affected by multiple vulnerabilities in the Bash shell : - A command injection vulnerability exists in GNU Bash known as Shellshock. The vulnerability is due to the processing of trailing strings after function definitions in the values of environment variables. This...

Phan - Static Analyzer For PHP

Phan is a static analyzer for PHP. Getting it running Phan requires PHP 7+ with the php-ast extension loaded. The code you analyze can be written for any version of PHP. To get phan running; 1. Clone the repo 2. Run composer install to load dependencies 3. Run ./test to run the test suite 4. Test...

SUSE-SU-2015:2337-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issues: - CVE-2015-7519: rubygem-passenger was not filtering the environment like apache is doing, allowing injection of environment variables bsc956281...

Adobe Flash TextField Variable - Use-After Free

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=583 If a TextField variable is set to a value with toString defined, and the TextField is updated, a use-after-free can occur if the toString method frees the TextField's...

Adobe Flash TextField.Variable Setter - Use-After-Free

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=579 There is a use-after-free in the TextField.variable setter. If the variable name that is added is an object with toString defined, the toString function can free the...

Adobe Flash - TextField.Variable Setter Use-After-Free

Adobe Flash - TextField.Variable Setter Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=579 There is a use-after-free in the TextField.variable setter. If the variable name that is added is an object with toString defined, the toString function can free...

Code injection

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments...

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2833-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2833-1 advisory. Andrei Vaida, Jesse Ruderman, Bob Clary, Christian Holler, Jesse Ruderman, Eric Rahm, Robert Kaiser, Harald Kirschner, and Michael Henretty discovered...

UBUNTU-CVE-2015-7204

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments...

Integer overflow

Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the startoctet variable. NOTE: this vulnerability exists because of an incomplete fix for...

Integer overflow

Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the sectionoffset variable. NOTE: this vulnerability exists because of an incomplete fix for...

CVE-2015-8078

Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the sectionoffset variable. NOTE: this vulnerability exists because of an incomplete fix for...

CVE-2015-8077

CVE-2015-8077 is a Cyrus IMAP vulnerability affecting 2.3.19, 2.4.18, and 2.5.6 where an integer overflow in index_urlfetch (imap/index.c) can be triggered via urlfetch range checks and the start_octet, with impact described as unspecified. The issue is linked to an incomplete fix for CVE-2015-80...

The vulnerability of the Microsoft .NET Framework software platform allows a perpetrator to inject arbitrary web or HTML code.

The vulnerability of the ASP.NET software platform, Microsoft .NET Framework, exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject any desired web or HTML code using a specially crafted variable value...

openssh security, bug fix, and enhancement update

6.6.1p1-22 - Use the correct constant for glob limits 1160377 6.6.1p1-21 - Extend memory limit for remote glob in sftp acc. to stat limit 1160377 6.6.1p1-20 - Fix vulnerabilities published with openssh-7.0 1265807 - Privilege separation weakness related to PAM support - Use-after-free bug related...

openSUSE Security Update : sudo (openSUSE-2015-687)

sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable bsc917806. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

Design/Logic Flaw

The psffwrite function in fileio.c in libsndfile allows attackers to cause a denial of service divide-by-zero error and application crash via unspecified vectors related to the headindex variable...

sudo: unsafe handling of TZ environment variable

It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the...